Add gitcookie configuration option

Add an option to specify a git http cookie file in the k8s yaml that will be configured as the global git cookie file in the git-sync client. This is a useful access mechanism for some some hosted repositories where SSH and passwords are not easily available, such as Google Cloud Source Repositories.
2018-05-15 09:27:47 -07:00 · 2018-05-15 09:27:47 -07:00 · f69e8fb2c0
parent 71ea5e8473
commit f69e8fb2c0
2 changed files with 87 additions and 0 deletions
--- a/cmd/git-sync/main.go
+++ b/cmd/git-sync/main.go
@ -69,6 +69,9 @@ var flSSH = flag.Bool("ssh", envBool("GIT_SYNC_SSH", false),
 var flSSHKnownHosts = flag.Bool("ssh-known-hosts", envBool("GIT_KNOWN_HOSTS", true),
 	"enable SSH known_hosts verification")

+var flCookieFile = flag.Bool("cookie-file", envBool("GIT_COOKIE_FILE", false),
+	"use git cookiefile")
+
 var log = newLoggerOrDie()

 func newLoggerOrDie() logr.Logger {
@ -160,6 +163,13 @@ func main() {
 		}
 	}

+	if *flCookieFile {
+		if err := setupGitCookieFile(); err != nil {
+			fmt.Fprintf(os.Stderr, "ERROR: can't set git cookie file: %v\n", err)
+			os.Exit(1)
+		}
+	}
+
 	// From here on, output goes through logging.
 	log.V(0).Infof("starting up: %q", os.Args)

@ -503,3 +513,22 @@ func setupGitSSH(setupKnownHosts bool) error {

 	return nil
 }
+
+func setupGitCookieFile() error {
+	log.V(1).Infof("configuring git cookie file")
+
+	var pathToCookieFile = "/etc/git-secret/cookie_file"
+
+	_, err := os.Stat(pathToCookieFile)
+	if err != nil {
+		return fmt.Errorf("error: could not find git cookie file: %v", err)
+	}
+
+	cmd := exec.Command("git", "config", "--global", "http.cookiefile", pathToCookieFile)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("error configuring git cookie file %v: %s", err, string(output))
+	}
+
+	return nil
+}
--- a/docs/cookie-file.md
+++ b/docs/cookie-file.md
@ -0,0 +1,58 @@
+# Using an Http Cookie File with git-sync
+
+Git-sync supports use of an HTTP Cookie File for accessing git content.
+
+# Step 1: Create Secret
+
+First, create a secret file from the git cookie file you wish to
+use.
+```
+kubectl create secret generic git-cookie-file --from-file=cookie_file=~/.gitcookies
+```
+
+# Step 2: Configure Pod/Deployment Volume
+
+In your Pod or Deployment configuration, specify a Volume for mounting the
+cookie-file Secret. Make sure to use the same name you used to create the
+secret (`git-cookie-file` in the example above).
+```
+volumes: [
+    {
+        "name": "git-secret",
+        "secret": {
+          "secretName": "git-cookie-file",
+        }
+    },
+    ...
+],
+```
+
+# Step 2: Configure git-sync container
+
+In your git-sync container configuration, mount your cookiefile at
+"/etc/git-secret". Ensure that the environment variable GIT_COOKIE_FILE
+is set to true, and that GIT_SYNC_REPO is set to use a URL with the HTTP
+protocol.
+```
+{
+    name: "git-sync",
+    ...
+    env: [
+        {
+            name: "GIT_SYNC_REPO",
+            value: "https://github.com/kubernetes/kubernetes.git"
+        }, {
+            name: "GIT_COOKIE_FILE",
+            value: "true",
+        },
+    ...
+    ]
+    volumeMounts: [
+        {
+            "name": "git-secret",
+            "mountPath": "/etc/git-secret"
+        },
+        ...
+    ],
+}
+```